Description:
"In repay_stable_from_liquidation function from stable_pool contract, there is no validation that info.sender is central_control contract. As a consequence, an attacker could repay coins to himself after liquidating other users' loans, as shown in the following example:
Attacker gets an extremely low loan.
Attacker liquidates some users and forces the transfer of coins to stable_pool contract, as described in vulnerability Liquidated loans without an adequate repayment (see above).
Attacker calls repay_stable_from_liquidation function from stable_pool contract using pre_balance = 0 and minter = attacker address.
Because the loan for the attacker is extremely low, almost all the coins will be transferred from stable_pool to the attacker address."
Code Location:
krp-cdp-contracts/contracts/stable_pool/src/contract.rs#L214-L238
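The missing check and its fix, as an added example that is not the project's code: a plain-Rust model in which `MessageInfo` and `Pool` stand in for the CosmWasm types. The settlement rule (coins received since `pre_balance` repay the minter's loan and the surplus goes back to the minter), the names `repay_unchecked`, `repay_checked`, `settle` and `sample_pool`, and the sample addresses and amounts are assumptions inferred from the description above.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum ContractError { Unauthorized }

// Stand-ins for CosmWasm's MessageInfo and the pool's stored state (assumed shapes).
pub struct MessageInfo { pub sender: String }
pub struct Pool {
    pub central_control: String,      // only address allowed to settle liquidations
    pub balance: u128,                // stable coins currently held by the pool
    pub loans: HashMap<String, u128>, // outstanding loan per minter
}

impl Pool {
    // Assumed settlement rule: coins received since `pre_balance` repay the
    // minter's loan; the surplus is paid out to the minter. Returns that payout.
    fn settle(&mut self, minter: &str, pre_balance: u128) -> u128 {
        let received = self.balance.saturating_sub(pre_balance);
        let loan = self.loans.entry(minter.to_string()).or_insert(0);
        let repaid = received.min(*loan);
        *loan -= repaid;
        let refund = received - repaid;
        self.balance -= refund;
        refund
    }

    // As described in the finding: the caller is never checked, so anyone chooses the arguments.
    pub fn repay_unchecked(&mut self, _info: &MessageInfo, minter: &str, pre_balance: u128) -> Result<u128, ContractError> {
        Ok(self.settle(minter, pre_balance))
    }

    // Hardened: reject every caller except the configured central_control contract.
    pub fn repay_checked(&mut self, info: &MessageInfo, minter: &str, pre_balance: u128) -> Result<u128, ContractError> {
        if info.sender != self.central_control {
            return Err(ContractError::Unauthorized);
        }
        Ok(self.settle(minter, pre_balance))
    }
}

// Constructed sample state: the pool holds 1_000 coins and "mallory" owes 1.
pub fn sample_pool() -> Pool {
    let loans = HashMap::from([("mallory".to_string(), 1u128)]);
    Pool { central_control: "central_control".into(), balance: 1_000, loans }
}

fn main() {
    let (mut a, mut b, m) = (sample_pool(), sample_pool(), MessageInfo { sender: "mallory".into() });
    println!("{:?} vs {:?}", a.repay_unchecked(&m, "mallory", 0), b.repay_checked(&m, "mallory", 0));
}
```

In a CosmWasm contract the stored central_control address would be loaded from contract state and compared with `info.sender` before any balance is touched.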